Is there a way to define private key data in the XML file for import?
When exported, the file only includes <SafePrivateKeyData>
There's another post that mentions using <ClearTextPassword> (https://forum.devolutions.net/topic17796-import-password-via-xml.aspx) so I tried also ClearTextPrivareKeyData, but it doesn't seem to do anything (defined in <Credentials> or in the <Connection> object).
I tested with RDM 14.1.3: if I import a private key using the XML file, it works. I just add the content of my private key between <SafePrivateKeyData> and </SafePrivateKeyData>.
Also add the line <PrivateKeyType>Data</PrivateKeyType> to import the private key as Data in the database.
Were you able to successfully use that key?
I also tried the same thing with 220.127.116.11, here's what I found:
- The import appears to work, and it creates the key entry
- I can't connect to anything using the imported file
- When I Edit the entry it shows "Private key previously saved..." but when I click the view button, nothing happens
- If I press OK to save it, the XML file is updated and the <SafePrivateKeyData> element is removed entirely
So it seems to me like it's silently ignoring the data in this element, presumably when it's not encrypted in the right format.
Here's what I'm importing:
(Note this particular key is a fake one I just generated for the purposes of this test)
If I edit the entry using the RDM UI, and paste the exact key contents in (which I had between the SafeImportKey), everything works fine.
I had a chat with the engineering department, and what you think is correct. RDM is able to import the Private Key Data, therefore the information is not encrypted in an encryption field so they are not valid.
I'm not sure if we have the possibility to import Private Key, I will have to do further tests.
Before doing further tests, could you detail whether you are trying to migrate private keys from another software to RDM, and how many entries you are looking to import?
I'm trying to automate importing instances from AWS, and wanted to distribute a single XML file (and potentially generate it/host it from a web server with its own security controls). Right now I have to distribute either the app to generate the xml or the xml file (haven't decided yet) PLUS all the certificates necessary.
I did look at the EC2 Synchronizer, but it doesn't look like it works for this:
- There are three ways of accessing instances, depending on use and age of setup: public IP (some test systems), private IP via router-established VPN (older setup), private IP tunneled through a bastionhost (newer setup). There's custom logic to determine which method to use.
- I am planning on adding tunnels to SQL server and MySQL as well, when detected, for both RDS and EC2-hosted databases. These would also go via VPN/bastionhost with the same logic (none of those are public)
- We have the same VPC name deployed to multiple regions, and my app sorts this into folders like VPC>Region>system. I can't see how to do this with Ec2 Sync (in fact, I couldn't get it to use groups at all, but that's aside)
- Depending on use we sometimes use a combination of name/instanceid/privateip to identify systems, so I was trying to concisely name them, and came up with eg ("SomeApp-backend (i123..546, 10.42.1.52)"). I don't think this can be done with EC2 sync
If we add a <ClearPrivateKeyData> field when importing with XML, could this help?
Once the entry is imported, RDM will convert the field for <SafePrivateKeyData>.
As Maurice mentioned on the other topic with you, we currently support only PuTTY Private Key.
@David Yes, that would be perfect!
Separately, it would be nice if it'd support PEM format keys and automatically convert (even when importing from the UI) as AWS in particular exports PEM keys, and this would let you import them directly to RDM, without having to manually convert via puttygen or whatever first.
Thanks for your feedback. I will transfer this topic as a feature request to the engineering department. As a follow-up, our internal ticket number is RDMW-2089.
Regarding the PEM key, we have this on our to-do list.